diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f5d69e0..ebb9e64 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -35,7 +35,7 @@ jobs:
           go-version: ${{ env.GO_MOD_VERSION}}
 
       - name: Set up Cache
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -99,16 +99,16 @@ jobs:
 
       - name: Docker - Set up Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Docker - Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Docker - Login to GHCR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -116,7 +116,7 @@ jobs:
 
       - name: Docker - Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             ${{ env.DOCKERHUB_REPO }}
@@ -127,7 +127,7 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Docker - Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: .Dockerfile
diff --git a/go.mod b/go.mod
index f9661d9..c314e70 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/nadoo/conflag v0.3.1
 	github.com/nadoo/ipset v0.5.0
 	github.com/xtaci/kcp-go/v5 v5.6.1
-	golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f
+	golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122
 	golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6
 )
 
diff --git a/go.sum b/go.sum
index e2f87ee..0d6a49f 100644
--- a/go.sum
+++ b/go.sum
@@ -111,8 +111,8 @@ golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc=
-golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122 h1:NvGWuYG8dkDHFSKksI1P9faiVJ9rayE6l0+ouWVIDs8=
+golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
diff --git a/proxy/ssh/ssh.go b/proxy/ssh/ssh.go
index 7942c81..a1b91db 100644
--- a/proxy/ssh/ssh.go
+++ b/proxy/ssh/ssh.go
@@ -21,11 +21,12 @@ type SSH struct {
 	proxy  proxy.Proxy
 	addr   string
 
-	mu     sync.RWMutex
-	once   sync.Once
 	conn   net.Conn
 	client *ssh.Client
 	config *ssh.ClientConfig
+
+	once  sync.Once
+	mutex sync.RWMutex
 }
 
 func init() {
@@ -105,10 +106,10 @@ func (s *SSH) Addr() string {
 
 // Dial connects to the address addr on the network net via the proxy.
 func (s *SSH) Dial(network, addr string) (net.Conn, error) {
-	s.once.Do(func() { go s.keepConn() })
+	s.once.Do(func() { go s.keepConn(s.initConn() == nil) })
 
-	s.mu.RLock()
-	defer s.mu.RUnlock()
+	s.mutex.RLock()
+	defer s.mutex.RUnlock()
 
 	if s.client == nil {
 		return nil, errors.New("ssh client is nil")
@@ -123,11 +124,11 @@ func (s *SSH) dial(network, addr string) (net.Conn, error) {
 	return c, err
 }
 
-func (s *SSH) connect() error {
-	s.mu.Lock()
-	defer s.mu.Unlock()
+func (s *SSH) initConn() error {
+	s.mutex.Lock()
+	defer s.mutex.Unlock()
 
-	log.F("[ssh] trying connecting to %s", s.addr)
+	log.F("[ssh] connecting to %s", s.addr)
 	c, err := s.dialer.Dial("tcp", s.addr)
 	if err != nil {
 		log.F("[ssh] dial connection to %s error: %s", s.addr, err)
@@ -148,10 +149,15 @@ func (s *SSH) connect() error {
 	return nil
 }
 
-func (s *SSH) keepConn() {
+func (s *SSH) keepConn(connected bool) {
+	if connected {
+		s.client.Conn.Wait()
+		s.conn.Close()
+	}
+
 	sleep := time.Second
 	for {
-		if err := s.connect(); err != nil {
+		if err := s.initConn(); err != nil {
 			sleep *= 2
 			if sleep > time.Second*60 {
 				sleep = time.Second * 60